http://archive.is/0z931
http://archive.is/Zxu3k
http://archive.is/lJ7mf
>The flaw was first uncovered by Google vulnerability researcher Tavis Ormandy on February 17, but could have been leaking data since as long ago as September 22. In certain conditions, Cloudflare’s platform inserted random data from any of its six million customers—including big names like Fitbit, Uber, and OKCupid—onto the website of a smaller subset of customers. In practice, it meant that a snippet of information about an Uber ride you took, or even your Uber password, could have ended up hidden away in the code of another site.
>For the most part, the exposed data wasn’t posted on well-known or high-traffic sites, and even if it had been it wasn’t easily visible. But some of the leaked data included sensitive cookies, login credentials, API keys, and other important authentication tokens, including some of Cloudflare’s own internal cryptography keys. And as Cloudflare’s service spewed random information, that data was being recorded in caches by search engines like Google and Bing and other systems.
>>59127361
Did you also get the email OP?
>Fortunately, your domain is not one of the domains where we have discovered exposed data in any third party caches. The bug has been patched so it is no longer leaking data. However, we continue to work with these caches to review their records and help them purge any exposed data we find. If we discover any data leaked about your domains during this search, we will reach out to you directly and provide you full details of what we have found
>>59127402
>Fortunately, your domain is not one of the domains where we have discovered exposed data in any third party caches
>where we have discovered
>we have
For a company that prides themselves on security even going as far as to state they're able to handle any DDoS attacks thrown at them they sure do act like amateurs when it comes to real security.